<?php
// To validate any text field:
//1- Include this file in the form validation file
//2- Call the function make_safe($_POST['field_name'])
/**
* strip_html_tags()
* @param string $text 
* @return string
*/
function strip_html_tags($text) {
$text = preg_replace(
array(
  // Remove invisible content
  '@<head[^>]*?>.*?</head>@siu',
  '@<style[^>]*?>.*?</style>@siu',
  '@<script[^>]*?.*?</script>@siu',
  '@<object[^>]*?.*?</object>@siu',
  '@<embed[^>]*?.*?</embed>@siu',
  '@<applet[^>]*?.*?</applet>@siu',
  '@<noframes[^>]*?.*?</noframes>@siu',
  '@<noscript[^>]*?.*?</noscript>@siu',
  '@<noembed[^>]*?.*?</noembed>@siu'
  ), array(
  '', '', '', '', '', '', '', '', ''), $text);
  return strip_tags($text);
}
/**
* make_safe()
* @param string $variable text grabbed from the html form field
* @return string
*/
function make_safe($variable) {
  $variable = strip_html_tags($variable);
  $bad = array("=", "<", ">", "/", "\"", "`", "~", "$", "%", "#" , ";");
  $variable = str_replace($bad, "", $variable);
  $mm = trim($variable);
  $variable = mysql_real_escape_string($mm) ;
  //mysql_real_escape_string(trim($variable));
  return $variable;
}

?>